A long, long time ago
\nI can still remember
\nHow those CVEs would make me smile
\nAnd I knew if I had my chance
\nTo patch a vuln or take a stance
\nMaybe we\u2019d be secure for a while<\/p>\n
But April ides made me shiver
\nWith each leaked memo and press release delivered
\nBad news on the doorstep
\nCouldn\u2019t take one more step<\/p>\n
I can\u2019t remember if I sighed
\nWhen I read about the program\u2019s demise
\nBut something broke me deep inside
\nThe day the CVE died<\/p>\n
So bye, bye, MITRE\u2019s CVE pie
\nChecked the vuln feed in my Feely
\nBut the Feedly ran dry
\nAnd them good old nerds were drinking whiskey and rye
\nSingin\u2019, \u201cThis\u2019ll be the day that I sigh
\nThis\u2019ll be the day that I sigh\u201d<\/p>\n
Did you write the book of flaws
\nAnd do you have faith in CISA\u2019s cause
\nAs the budget fails you so?
\nDo you believe in NVD
\nCan it save our infosec sanity
\nNow that MITRE\u2019s left out in the cold?<\/p>\n
Well, I know you\u2019re chasing vulns with me
\nSaw your commits in the CVE tree
\nWe both diffed those exploit clues
\nMan, I miss those vuln ID blues<\/p>\n
I was a lonely analyst on the hunt
\nWith a zero-day and a coffee cup
\nBut I knew I was out of luck
\nThe day the CVE died<\/p>\n
I started singing
\nBye, bye, MITRE\u2019s CVE pie
\nChecked the vuln feed in my Feely
\nBut the Feedly ran dry
\nAnd them good old nerds were drinking whiskey and rye
\nSingin\u2019, \u201cThis\u2019ll be the day that I sigh
\nThis\u2019ll be the day that I sigh\u201d<\/p>\n
Now for twenty-five years we\u2019ve been on our own
\nBut the funding\u2019s gone, the seeds are sown
\nThat\u2019s not how it used to be
\nWhen MITRE sang for DHS
\nAnd catalogued every software mess
\nIn a voice that came from you and me<\/p>\n
Oh, and while the vendors looked around
\nThe hackers stole the thorny crown
\nNo verdict was returned
\nAnd the vuln world, it just burned
\nAnd while defenders read advisories
\nThe attackers practiced in the dark
\nAnd we sang dirges in the park
\nThe day the CVE died<\/p>\n
We were singing
\nBye, bye, MITRE\u2019s CVE pie
\nChecked the vuln feed in my Feely
\nBut the Feedly ran dry
\nAnd them good old nerds were drinking whiskey and rye
\nSingin\u2019, \u201cThis\u2019ll be the day that I sigh
\nThis\u2019ll be the day that I sigh\u201d<\/p>\n
Helter skelter before the summer swelter
\nThe KEV flew off with no shelter
\nZero-days high and falling fast
\nIt landed foul on the grass
\nThe vendors tried for a forward pass
\nWith MITRE on the sidelines in a cast<\/p>\n
Now the half-time air was sweet perfume
\nWhile the Red Team played a marching tune
\nWe all got up to dance
\nOh, but we never got the chance
\n\u2018Cause the vendors tried to take the field
\nThe bug bounty band refused to yield
\nDo you recall what was revealed
\nThe day the CVE died?<\/p>\n
We started singing
\nBye, bye, MITRE\u2019s CVE pie
\nChecked the vuln feed in my Feely
\nBut the Feedly ran dry
\nAnd them good old nerds were drinking whiskey and rye
\nSingin\u2019, \u201cThis\u2019ll be the day that I sigh<\/p>\n
Oh, and there we were all in one place
\nA generation lost in cyberspace
\nWith no time left to start again
\nSo come on: Jack be nimble, Jack be quick
\nJack Flash sat on a candlestick
\n\u2018Cause fire is the hacker\u2019s only friend<\/p>\n
Oh, and as I watched it on the stage
\nMy hands were clenched in fists of rage
\nNo angel born in hell
\nCould break that budget spell
\nAnd as the flames climbed high into the night
\nTo light the sacrificial rite
\nI saw Musk laughing with delight
\nThe day the CVE died<\/p>\n
He was singing
\nBye, bye, MITRE\u2019s CVE pie
\nChecked the vuln feed in my Feely
\nBut the Feedly ran dry
\nAnd them good old nerds were drinking whiskey and rye
\nSingin\u2019, \u201cThis\u2019ll be the day that I sigh<\/p>\n
I met a dev who sang the blues
\nAnd I asked her for some happy news
\nBut she just smiled and turned away
\nI went down to the sacred store
\nWhere I\u2019d checked for CVEs before
\nBut the sysadmin said the feeds wouldn\u2019t play<\/p>\n
And in the streets, the hackers screamed
\nThe CISOs cried, and the devs all dreamed
\nBut not a word was spoken
\nThe patching chain was broken
\nAnd the three things I admire most:
\nThe patch, the fix, and the vuln disclosure post
\nThey caught the last train for the coast
\nThe day the CVE died<\/p>\n
And they were singing
\nBye, bye, MITRE\u2019s CVE pie
\nDrove my vuln feed to the levee
\nBut the levee ran dry
\nAnd them good old nerds were drinking whiskey and rye
\nSingin\u2019, \u201cThis\u2019ll be the day that I sigh
\nThis\u2019ll be the day that I sigh\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"
A long, long time ago I can still remember How those CVEs would make me smile And I knew if I had my chance To patch a vuln or take a stance Maybe we\u2019d be secure for a while But April ides made me shiver With each leaked memo and press release delivered Bad news […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":3,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"federated","footnotes":""},"categories":[681],"tags":[],"class_list":["post-24853","post","type-post","status-publish","format-standard","hentry","category-cybersecurity"],"yoast_head":"\n